Skip to main content
Showing results for 
Search instead for 
Did you mean: 

The ultimate Microsoft Fabric, Power BI, Azure AI & SQL learning event! Join us in Las Vegas from March 26-28, 2024. Use code MSCUST for a $100 discount. Register Now

Resolver I
Resolver I

Dynamic RLS issue on the service for a single user


I am having an issue with a report with RLS on the service.

The implementation is very simple using an access rule table with 2 columns [Username] and [Company] governing the Company view in the report. Then the dynamic RLS is implemented with a LOOKUP to that table looking for a matching USERPRINCIPALNAME().

My testing does work as expected in both local and service for all the defined users, but one.

The filter rule does fail for this user only on the service.

It seems like this user were an admin able to override any RLS rule.

But after extensive cheching, it tourned out that this user is not present anywhere I can check.

It's not a member of the report workspace, less than having any edit permissions.
It's not a member of the linked Sharepoint/Teams groups.

It doesn't show anywhere, but it can skip RLS.


Any hint would be GREATLY appreciated.





Community Support
Community Support

Hi, @maclura ;

Is your problem solved?? If so, Would you mind accept the helpful replies as solutions? Then we could close the thread. More people who have the same requirement will find the solution quickly and benefit here. Thank you.

Best Regards,
Community Support Team_ Yalan Wu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Hi @v-yalanwu-msft ,

we opened a ticket with Microsoft for this issue, and it's still open.

Microsoft has come back a couple of time with questions, but they seem to chew on this access problem a bit.

I will keep you updated on any outcome.



Please check, if you have any "Share"-Links created by the standard PowerBI Sharing Features - you can see this when checking context menu "..." -> "Manage Access" on the Report and Dataset. At least it helpen in my case...

Thank you @alexrobe for your hint.

I checked and I had 2 links for the report and 2 for the dataset. I removed all of them, but nothing changed! This user is still able to ignore any security rule.

One of the suggestions from Microsoft was that this user has never accessed PowerBI before, and that would explain why testing like that user doesn't work, but then we setup security rules for dozen of users who never accessed Power BI before, and none of them was able to override any rule.


Community Support
Community Support

Hi, @maclura ;

1.First check if he's a member of the group:

In the Power BI service, you can add a member to the role by typing in the email address or name of the user or security group. You can't add Groups created in Power BI. You can add members external to your organization.


2.You said that your desktop test is also that one person does not take effect, right? If it doesn't work in Service and on desktop, you can delete the data set and re-publish the new workspace to try it out.


3.Check The user is mapped to multiple roles.

Best Regards,
Community Support Team_ Yalan Wu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Helpful resources

Fabric Community Conference

Microsoft Fabric Community Conference

Join us at our first-ever Microsoft Fabric Community Conference, March 26-28, 2024 in Las Vegas with 100+ sessions by community experts and Microsoft engineering.

February 2024 Update Carousel

Power BI Monthly Update - February 2024

Check out the February 2024 Power BI update to learn about new features.

Fabric Career Hub

Microsoft Fabric Career Hub

Explore career paths and learn resources in Fabric.

Fabric Partner Community

Microsoft Fabric Partner Community

Engage with the Fabric engineering team, hear of product updates, business opportunities, and resources in the Fabric Partner Community.

Top Solution Authors
Top Kudoed Authors